<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="Importing a Certificate">
<meta name="product" content="">
<meta name="DC.Relation" scheme="URI" content="en-us_topic_0000001792345346.html">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="30-OceanProtect Appliance 1.5.0-1.6.0 Help Center">
<meta name="DC.Publisher" content="20240608">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="EN-US_TOPIC_0000001792345242">
<meta name="DC.Language" content="en-us">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>Importing a Certificate</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="EN-US_TOPIC_0000001792345242"></a><a name="EN-US_TOPIC_0000001792345242"></a>

<h1 class="topictitle1">Importing a Certificate</h1>
<div><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_p968319225509">This section describes how to update certificates through certificate importing.</p>
<div class="section" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_section5166455152915"><h4 class="sectiontitle">Context</h4><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_p1418115589292">The ProtectAgent certificate is used to ensure communication security between ProtectAgent and the <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text1951573119409">OceanProtect</span>. The server certificate is used to ensure communication security when the <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text717283812400">OceanProtect</span> receives external access requests. The internal communication certificate and internal database certificate are used only to ensure internal communication security among internal components of the <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text1423619406401">OceanProtect</span>.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_section19640436665"><h4 class="sectiontitle">Important Notes</h4><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p1614312114711">To ensure the security when the management IP addresses or domain names of multiple controllers are used to access the storage system, ensure that the CSR file contains the management IP addresses or domain names of these controllers. After obtaining the certificate file from the CA, open the certificate file in the Windows operating system. On the <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b873105115815">Details</strong> tab page, check whether the value of <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b2069517148595">Subject Alternative Name</strong> contains the domain names or management IP addresses of multiple controllers. The following example indicates that <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b1928971299">thtest.spe02.com</strong> and <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b17356611142912">thtest2.spe02.com</strong> can be used to access the storage system securely.</p>
<p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p122494559557"><span><img id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_image1499414644514" src="en-us_image_0000001792526966.png"></span></p>
</div>
<div class="section" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_section364572881212"><h4 class="sectiontitle">Procedure</h4><ol id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_en-us_topic_0223232411_ol48781090"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_en-us_topic_0223232618_li3061316"><span>Choose <span class="menucascade" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001839166285_en-us_topic_0000001263613156_menucascade8194162364916"><b><span class="uicontrol" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001839166285_en-us_topic_0000001263613156_uicontrol91941523104915"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001839166285_en-us_topic_0000001263613156_text1761214215505"><strong>System</strong></span></span></b> &gt; <b><span class="uicontrol" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001839166285_en-us_topic_0000001263613156_uicontrol18595152410491"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001839166285_en-us_topic_0000001263613156_text1080662810507"><strong>Security</strong></span></span></b> &gt; <b><span class="uicontrol" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001839166285_en-us_topic_0000001263613156_uicontrol13841929154910"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001839166285_en-us_topic_0000001263613156_text3285194545012"><strong>Certificate</strong></span></span></b></span>.</span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_en-us_topic_0274211889_en-us_topic_0224938451_li18900716111720"><span>Click <span class="uicontrol" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_uicontrol1288183253719"><b><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text14526153812368"><strong>More</strong></span></b></span> on the right of a certificate.</span><p><ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_ul3208960578"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li1820886135713"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text694191624814"><strong>ProtectAgent Certificate</strong></span>/<span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text2646528134817"><strong>Server Certificate</strong></span>/<span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text18658439104812"><strong>Internal communication Certificate</strong></span>/<span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text113531147114812"><strong>Internal database Certificate</strong></span><ol type="a" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_ol964810142571"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li1648131485714">Select <span class="uicontrol" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_uicontrol129843326381"><b><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text550113579267"><strong>Import Certificate</strong></span></b></span>.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li18950210145810">Set certificate information.<p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_p20950171095812"><a name="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li18950210145810"></a><a name="en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li18950210145810"></a><a href="#EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_table873512316535">Table 1</a> lists the parameters.</p>

<div class="tablenoborder"><a name="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_table873512316535"></a><a name="en-us_topic_0000001792526934_en-us_topic_0000001311093369_table873512316535"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_table873512316535" width="90%" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Certificate parameters</caption><colgroup><col style="width:14.299999999999999%"><col style="width:59.099999999999994%"><col style="width:26.6%"></colgroup><thead align="left"><tr id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_row15736172345313"><th align="left" class="cellrowborder" valign="top" width="14.299999999999999%" id="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.1"><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p187361123105312">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="59.099999999999994%" id="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.2"><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p207361423165316">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="26.6%" id="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.3"><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p13439721254">Remarks</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_row1173622315315"><td class="cellrowborder" valign="top" width="14.299999999999999%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.1 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_p421118911570"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text1433854010578"><strong>CA Certificate</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="59.099999999999994%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.2 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p197361423115314">Click <span><img id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_image6876143882219" src="en-us_image_0000001792367226.png"></span> and select the CA certificate file corresponding to the certificate to be imported.</p>
<div class="note" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_note1273618234537"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_ul1873642345318"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li13736172365317">The size of the CA certificate file to be imported cannot exceed 1 MB.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li47361923165315">The content of the CA certificate file to be imported must be in <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b631057194310">x.509</strong> format, and the file name extension must be <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b13475764317">.pem</strong>.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li52941752152020">If the CA certificate file is not the root one, add a certificate chain file. For details about how to create a certificate chain file, see <a href="en-us_topic_0000001839246277.html">Creating a Certificate Chain File</a>. A maximum of three levels of CAs are supported for the server certificate and ProtectAgent certificate.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li920514105222">The internal communication certificate or internal database certificate supports only one level of CA.</li></ul>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="26.6%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.3 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p4615902714">Applicable certificate types:</p>
<ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_ul54671421673"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li1448718164118"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text750414914490"><strong>Server Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li1375132813114"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text1768291610497"><strong>ProtectAgent Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li74671121476"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text79981522194917"><strong>Internal communication Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li17134961573"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text20920162817495"><strong>Internal database Certificate</strong></span></li></ul>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_row14736192317537"><td class="cellrowborder" valign="top" width="14.299999999999999%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.1 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p1773672345313"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text129008714288"><strong>Server Certificate</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="59.099999999999994%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.2 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p12736132395312">Click <span><img id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_image995599142611" src="en-us_image_0000001839246293.png"></span> and select the server certificate file to be imported.</p>
<div class="note" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_note147361323105317"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_ul773612395310"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li073618232531">The size of the certificate file to be imported cannot exceed 1 MB.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li77361723185318">The content of the certificate file to be imported must be in <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b105926016456">x.509</strong> format, and the file name extension must be <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b125981208457">.pem</strong>.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li4296142914710">The common name (CN) of the server certificate must be different from that of the CA certificate.<p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_p10463202015201"><a name="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li4296142914710"></a><a name="en-us_topic_0000001792526934_en-us_topic_0000001311093369_li4296142914710"></a>Check method: Open the server certificate in CER format and check whether the value of <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b116843451547">Issued to</strong> (CN of the server certificate) is different from the value of <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b66911545241">Issued by</strong> (CN of the CA certificate) on the <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b8691194517411">General</strong> tab page.</p>
</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li8169939376">The common name (CN) of the ProtectAgent server certificate must be <span class="uicontrol" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_uicontrol19552574375"><b>OceanProtect-AGENT</b></span>.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li19052315203">For the internal communication certificate and internal database certificate, SubjectAltName (SAN) must be configured for the server certificate, and SAN must contain <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b1926513519416">DNS:*.dpa.svc.cluster.local</strong>.</li></ul>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="26.6%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.3 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_p11689653504">Applicable certificate types:</p>
<ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_ul86891150500"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li168912515502"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text668915105015"><strong>Server Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li196891513504"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text126894565019"><strong>ProtectAgent Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li5689185115017"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text6689755509"><strong>Internal communication Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li568915115013"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text1568911512508"><strong>Internal database Certificate</strong></span></li></ul>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_row373617231534"><td class="cellrowborder" valign="top" width="14.299999999999999%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.1 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p173662317539"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text587115191289"><strong>Server Private Key</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="59.099999999999994%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.2 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p14736923185319">Click <span><img id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_image4943131772615" src="en-us_image_0000001792526970.png"></span> and select the private key file corresponding to the server certificate file to be imported.</p>
<p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p71601758104914">If the server certificate is generated by the CA based on the request file exported from the <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text8828841184017">OceanProtect</span>, you do not need to set this parameter.</p>
<div class="note" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_note187361123125313"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_ul773642311538"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li9736112319533">The size of the private key file cannot exceed 1 MB.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li1573612311532">The extension of the private key file must be <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b13501831104518">.pem</strong>.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li911154919211">The private key file must be encrypted. If your private key file is in plaintext, perform operations by referring to <a href="en-us_topic_0000001792367194.html">Encrypting the Plaintext Private Key File</a>.</li></ul>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="26.6%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.3 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_p1047918287504">Applicable certificate types:</p>
<ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_ul2479162835019"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li1747910281506"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text154797284508"><strong>Server Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li16479132810501"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text19479192813504"><strong>ProtectAgent Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li8479228185011"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text15479132817504"><strong>Internal communication Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li1647932845020"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text1647932855010"><strong>Internal database Certificate</strong></span></li></ul>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_row77369237535"><td class="cellrowborder" valign="top" width="14.299999999999999%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.1 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p15736182385312"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text12260152742815"><strong>Server Private Key Password</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="59.099999999999994%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.2 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p2073632385316">Import the password of the server private key file.</p>
<p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p1958245195120">If the server certificate is generated by the CA based on the request file exported from the <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text1756534219403">OceanProtect</span>, you do not need to set this parameter.</p>
<p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p873612315533">[Value range]</p>
<p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p873682385317">The value contains 1 to 512 characters.</p>
<div class="note" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_note66988512353"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p156987520352">For the internal communication certificate, the password must contain 8 to 64 characters, including digits, uppercase letters, lowercase letters, and special characters.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="26.6%" headers="mcps1.3.4.2.2.2.1.1.5.2.2.2.4.1.3 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_p3751736125014">Applicable certificate types:</p>
<ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_ul775183665013"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li117511736135016"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text37511336145015"><strong>Server Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li12752183613500"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text5752183665019"><strong>ProtectAgent Certificate</strong></span></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li2752113616506"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text157521636185010"><strong>Internal communication Certificate</strong></span></li></ul>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_note420122614368"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_ul2568183912262"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li10617949153020">In the non-multi-cluster scenario, if the certificate type is <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b101618332403">Server Certificate</strong> or <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b43161037204011">ProtectAgent Certificate</strong>, importing the certificate is to push the updated certificate to the ProtectAgent hosts in batches.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li15681939152612">In the remote replication scenario, after replacing the server certificate of the source or target end, you need to use the certificate issued by the same CA certificate to replace the server certificate of the other end. Otherwise, remote replication will fail.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li75697397266">If ProtectAgent has been installed and the new server certificate and client certificate are not issued by the same CA certificate, when you update the server certificate, you need to replace the client certificate after the server certificate is updated. For details, see <a href="en-us_topic_0000001792367190.html">Replacing the SSL Certificate of ProtectAgent on the Client (Non-Windows OS)</a>.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_li14512092518">Only certificates whose signature algorithm is SHA-256, SHA-384, or SHA-512 can be imported.</li></ul>
</div></div>
</li></ol>
</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li1887512013195">External certificate<div class="p" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p86281856144920"><a name="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li1887512013195"></a><a name="en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li1887512013195"></a>External certificate types include <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b1898711521217">Email</strong>, <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text51806221481"><strong>Object Storage</strong></span>, <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text54813184819"><strong>External Storage</strong></span>, <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text1354317244381"><strong>Backup/Multi-domain/Replication Cluster</strong></span>, <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b888090142210">LDAP</strong>, and <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_b15351115172219">HCS IAM</strong>.<ol type="a" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_ol1216319536494"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li121631853134912">Select <span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text18586191719277"><strong>Import Certificate</strong></span>.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li816355364914">Set certificate information.<p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p2016385394915"><a name="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li816355364914"></a><a name="en-us_topic_0000001792526934_en-us_topic_0000001311093369_li816355364914"></a><a href="#EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_table8163155320491">Table 2</a> lists the parameters.</p>

<div class="tablenoborder"><a name="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_table8163155320491"></a><a name="en-us_topic_0000001792526934_en-us_topic_0000001311093369_table8163155320491"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_table8163155320491" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Certificate parameters</caption><colgroup><col style="width:28.060000000000002%"><col style="width:71.94%"></colgroup><thead align="left"><tr id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_row101639539491"><th align="left" class="cellrowborder" valign="top" width="28.060000000000002%" id="mcps1.3.4.2.2.2.1.2.1.7.2.2.2.3.1.1"><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p9163155374912">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="71.94%" id="mcps1.3.4.2.2.2.1.2.1.7.2.2.2.3.1.2"><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p15163175313498">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_row8163953144912"><td class="cellrowborder" valign="top" width="28.060000000000002%" headers="mcps1.3.4.2.2.2.1.2.1.7.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p2163185364913"><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_text4941226717"><strong>CA Certificate</strong></span></p>
</td>
<td class="cellrowborder" valign="top" width="71.94%" headers="mcps1.3.4.2.2.2.1.2.1.7.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_p2163135384910">Click <span><img id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_image9924846115213" src="en-us_image_0000001839166341.png"></span> and select the CA certificate corresponding to the certificate to be imported.</p>
<div class="note" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_note14163175319497"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_ul8163053164910"><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li3163135310493">The size of the CA certificate to be imported cannot exceed 1 MB.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li11163053154917">The content of the CA certificate to be imported must be in <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b16419250101613">x.509</strong> format, and the file name extension must be <strong id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_b14420105012162">.pem</strong>.</li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_li316375354913">If the CA certificate is not the root one, add a complete certificate chain file. For details about how to create a certificate chain file, see <a href="en-us_topic_0000001839246277.html">Creating a Certificate Chain File</a>. The external certificate supports a maximum of ten levels of CAs.</li></ul>
</div></div>
</td>
</tr>
</tbody>
</table>
</div>
</li></ol>
</div>
</li></ul>
</p></li><li id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_en-us_topic_0267359412_li19950112183913"><span>Click <span class="uicontrol" id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_uicontrol531873373910"><b><span id="EN-US_TOPIC_0000001792345242__en-us_topic_0000001792526934_en-us_topic_0000001311093369_text937941184019"><strong>OK</strong></span></b></span>.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0000001792345346.html">Managing Certificates</a></div>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">Copyright &copy; Huawei Technologies Co., Ltd.</div></body>
</html>